Zhouyuan Yang

**Name of the Vulnerable Software and Affected Versions** Ultimate SMS Notifications for WooCommerce plugin for WordPress versions up to, and including, 1.4.1 **Description** The issue is related to a CSV Injection vulnerability in the 'Export Utility' functionality. This allows authenticated attackers, such as subscribers, to embed untrusted input into billing information, like the First Name, which can result in code execution when the exported CSV file is downloaded and opened on a local system with a vulnerable configuration. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks. **Recommendations** For versions up to, and including, 1.4.1, consider disabling the 'Export Utility' functionality until a patch is available to prevent exploitation. Restrict access to the billing information to minimize the risk of attackers embedding malicious input. As a temporary workaround, avoid using the 'Export Utility' feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Image Hover Effects Ultimate plugin for WordPress versions up to, and including, 9.7.3 **Description** The issue arises from insufficient input sanitization and output escaping in the Video Link values that can be added to an Image Hover. This allows authenticated attackers to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. By default, only administrators have access to edit Image Hovers, but if the 'Who Can Edit?' setting is modified to allow lower privileged users to access the plugin's features, these users can also exploit the issue. **Recommendations** For versions up to, and including, 9.7.3, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Image Hover editing feature to only high-privileged users, such as administrators, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Image Hover Effects Ultimate plugin for WordPress versions up to, and including, 9.7.3 **Description** The issue is related to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, but if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting, then this can be exploited by those users. **Recommendations** For versions up to, and including, 9.7.3, consider disabling the editing of Image Hovers for lower privileged users by adjusting the 'Who Can Edit?' setting to prevent exploitation. As a temporary workaround, restrict access to the Media Image URL value to minimize the risk of arbitrary web script injection. Update to a version later than 9.7.3 when available.

**Name of the Vulnerable Software and Affected Versions** Visual Composer Website Builder plugin for WordPress versions up to, and including, 45.0 **Description** The issue is related to Stored Cross-Site Scripting via the post/page `Title` value due to insufficient input sanitization and output escaping. This allows authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 45.0, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the visual composer editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Visual Composer Website Builder plugin for WordPress versions up to and including 45.0 **Description** The issue arises from insufficient input sanitization and output escaping in the 'Text Block' feature, allowing authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to and including 45.0, update to a version that addresses the insufficient input sanitization and output escaping in the 'Text Block' feature to prevent stored cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Image Hover Effects Ultimate plugin for WordPress versions up to, and including, 9.7.3 **Description** The issue is related to Stored Cross-Site Scripting via the `Title` and `Description` values that can be added to an Image Hover due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, but if a site admin makes the plugin's features available to lower privileged users through the `Who Can Edit?` setting, then this can be exploited by those users. **Recommendations** For versions up to, and including, 9.7.3, consider disabling the editing of Image Hovers for lower privileged users by restricting access to the `Who Can Edit?` setting until a patch is available. As a temporary workaround, restrict the use of the `Title` and `Description` fields in the Image Hover Effects Ultimate plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 20.0.6 **Description** The issue is related to reflected cross-site scripting (XSS) due to a lack of sanitization in the `OC.Notification.show` function. This allows for potential XSS attacks. **Recommendations** For versions prior to 20.0.6, update to version 20.0.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `OC.Notification.show` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Beaver Builder versions up to, and including, 2.5.5.2 **Description** The issue arises from insufficient input sanitization and output escaping in the 'Caption - On Hover' value associated with images. This allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks. **Recommendations** For versions up to, and including, 2.5.5.2, update to a version later than 2.5.5.2 to resolve the issue. As a temporary workaround, consider restricting access to the Beaver Builder editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Beaver Builder versions up to, and including, 2.5.5.2 **Description** The issue arises from insufficient input sanitization and output escaping of the `caption` parameter when uploading media files through the Beaver Builder editor. This allows authenticated attackers to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks. **Recommendations** For versions up to, and including, 2.5.5.2, update to a version that addresses the insufficient input sanitization and output escaping of the `caption` parameter to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beaver Builder versions up to, and including, 2.5.5.2 **Description** The issue exists due to insufficient input sanitization and output escaping in the 'Text Editor' block of the Beaver Builder plugin for WordPress. This allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. The exploitation of this issue can enable remote attackers to perform cross-site scripting attacks. **Recommendations** For versions up to, and including, 2.5.5.2, update to a version that includes the necessary security patches to fix the insufficient input sanitization and output escaping in the 'Text Editor' block. As a temporary workaround, consider restricting access to the 'Text Editor' block in the Beaver Builder editor to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Beaver Builder – WordPress Page Builder versions up to, and including, 2.5.5.2 **Description** The issue is related to Stored Cross-Site Scripting via the `Image URL` value in the Media block due to insufficient input sanitization and output escaping. This allows authenticated attackers with access to the Beaver Builder editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.5.5.2, consider disabling the Media block or restricting access to the Beaver Builder editor until a patch is available to prevent exploitation. As a temporary workaround, avoid using the `Image URL` value in the Media block to minimize the risk of Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2 **Description** The issue is related to CSV Injection via the 'Export Users' functionality, allowing authenticated attackers to embed untrusted input into profile information. This can result in code execution when the exported CSV file is downloaded and opened on a local system with a vulnerable configuration. The vulnerability can be exploited by remote attackers to perform cross-site scripting attacks. **Recommendations** For WP Users Exporter plugin for WordPress versions up to, and including, 1.4.2: Update to a version higher than 1.4.2 to mitigate the risk of CSV Injection attacks. As a temporary workaround, consider restricting access to the 'Export Users' functionality until a patch is available. Avoid opening exported CSV files from untrusted sources on local systems with vulnerable configurations.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions 3.0.0 through 3.8.7 **Description** The issue is related to inadequate input filtering, which leads to multiple XSS vulnerabilities. The default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. **Recommendations** For versions 3.0.0 through 3.8.7, update to version 3.8.8 or later to resolve the issue. As a temporary workaround, consider restricting the default Administrator user group privileges to minimize the risk of exploitation. Additionally, review and adjust the input filtering settings to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 12.0.3 Nextcloud Server versions prior to 11.0.5 **Description** The issue is related to an improper input validator, which could allow an attacker's actions to remain unlogged in the audit log. **Recommendations** For versions prior to 12.0.3, update to version 12.0.3 or later. For versions prior to 11.0.5, update to version 11.0.5 or later.